Microvast Holdings, Inc. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

Microvast Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 17:16:38 EDT.

Filings

10-K filed on 2024-04-01

Microvast Holdings, Inc. filed an 10-K at 2024-04-01 17:16:38 EDT
Accession Number: 0001760689-24-000007

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY 50 Table of Contents Cybersecurity Risk Management and Strategy Maintaining our information security systems, communication networks, IT systems and data centers utilized by our business, and any outsourced service providers that may hold any data utilized by our business is crucial to the successful operation of our business. The company has made investments in our technology to identify and manage the material risks of cybersecurity threats that could hinder our operations. As part of our regular cybersecurity risk management systems, we routinely reach out to external cybersecurity experts and third-party consultants to provide advice and implement changes in our current policies. The company also relies on the utilization of outsourced service providers who help provide certain functions that are key to the operations of our business. The company has taken steps to ensure the security of any data we might provide to these service providers and to ensure that our operations would be mitigated in terms of risk by engaging reputable service providers who maintain cybersecurity protection programs and protocols for their customers. Microvast has established a combination of policies and procedures, and technologies have been designed and implemented, to prevent, detect, respond to, and recover from cybersecurity threats and incidents. Information security policies are regularly reviewed and updated. The policies were created using NIST-CSF framework to ensure that best practices for information security are being adhered to. Internal control tests are regularly performed to test the compliance of the policy processes and procedures and to remediate any identified gaps. Effect of Cybersecurity Threats The company did not experienced a cybersecurity incident that materially impacted our operations during the year ended December 31, 2023, and the company is not aware of any active risks from cybersecurity incidents or risks that are reasonably likely to have a material impact on the operations of our business, including its business strategy, or financial condition. For more information on additional risks that the company might face regarding cyberattacks and cybersecurity, see Risk Factors - Risks Related to our Business and Industry - Cyberattacks or risks related to cybersecurity could have a material effect on our business. Cybersecurity Governance On July 26, 2023, the SEC adopted a final rule requiring registrants to disclose certain information related to the registrants policies regarding cybersecurity risk management and strategy in addition to current policies regarding cybersecurity governance. Microvast s SVP of Information Technology and the Information Security Manager are responsible for assessing as well as managing and determining the risks that could potentially have material impact on Microvast operations and business activity. The SVP of Information Technology and the Information Security Manager have both worked in the Cybersecurity realm for many years. Both have led information security teams and have deep knowledge of the requirements for implementing and managing a cybersecurity program. Their expertise and experience include establishing policies and procedures, compliance enforcement, and the ability to identify potential security risks and develop strategies for mitigating those risks, incident response planning and threat mitigation. The management team plays a crucial role in the cybersecurity process by setting the tone for the organization s approach to cybersecurity and ensuring that it is integrated into the overall business strategy. Key responsibilities of Microvast management in cybersecurity include: setting security objectives: establishing clear security objectives that align with the organization s overall goals and risk tolerance. resource allocation: ensuring sufficient resources, including budget, personnel, and technology, to effectively manage cybersecurity risks. policy development: ensuring security policies and procedures align with industry standards and best practices. risk Management: overseeing the organization s risk management program including conducting regular risk assessments and implementing controls to mitigate identified risks. incident response: Providing oversight and ensuring that the organization has an effective incident response plan that has been tested and employees trained on how to effectively respond to cybersecurity incidents promptly and appropriately. 51 Table of Contents compliance: ensuring that the organization complies with relevant and applicable cybersecurity regulations and standards and stays abreast of emerging threats and best practices. The Board reviews and evaluates the organization s effectiveness to manage cybersecurity threats. The SVP of Information Technology, the General Counsel, and the CEO are responsible for reporting and communicating cybersecurity threats that have material impact on the organization to the Board. The Board regularly reviews the organization s risk posture and provides guidance to minimize or mitigate risk. 52 Table of Contents

Company Information